Mountain Lion VPN problem?

Since upgrading to Mountain Lion (10.8) my VPN that uses L2TP/IPSec with machine authentication with a certificate no longer works. My other VPNs seem OK, I just have a problem using authentication with certificates.

I am a bit new at this. I used to have seamless VPN access to my work computer, but when I upgraded to ML it all screwed up.

I use Viscosity for VPN and then Windows RDC to connect to my work computer. Now when I connect through VISCOSITY it tells me that I am connected to my work server, but when I try to use RDC it couldn't connect. At the same time, while I am connected to VPN via Viscosity my internet stops working. I don't know what is going on but it is too frustrating for me.

Anyway, can you please tell me how I can grant the VPN certificate (the private key part) to allow all applications to access it?

Open Keychain Access (use Spotlight), search for the certificate you use in your VPN configuration using the search box which is located in the top right of the window, you may have to select the appropriate keychain from the list in the left hand navigation column titled 'Keychains', for me, mine was in the System keychain.

You should see your certificate listed in the main window, it should have a small arrow to the left of the certificate name.

Click on the arrow and this should reveal the private key below, it has a key icon associated with it.

Double click on the private key and a window should pop up showing the private key.

At the top of this window there are two buttons that can be toggled, 'Attributes' and 'Access Control', by default the Attributes button is selected (greyed out). Click on the 'Access Control' button.

The window changes to display a couple of buttons, the top one 'Allow all applications to access this item' and 'Confirm before allowing access'. Click the top button 'Allow all applications to access this item'.

Click on the button 'Save Changes', you may have to enter your admin password.

I'm experiencing the same issue on OSX 10.8 with certificates-based L2TP over IPsec VPN with MS-CHAPv2 for PPP, but the identified solution did not resolve the issue for me. /var/log/system.log shows the same as the OP. I've seen previous posters who had PPP issues using CHAP or PAP, but MS-CHAPv2 should "just work" OOB on the native client.

I've been testing and determined the issue is definitely certificate related. Using PSK-based L2TP over IPsec with MS-CHAPv2 for PPP works just fine. However, the introduction of the certificate borks it. Any ideas?

The solution works indeed, but adds a security risk by allowing all applications access to the private key. Better would be to _only_ allow the VPN client (racoon) access.

So instead of choosing the option "Allow all applications to access this item", you should use the option "Always allow access by these applications:" and select racoon. The path of the executable is /usr/sbin/racoon.

Pro tip: if you don't see the /usr folder when browsing for the executable, use the Show hidden files shortcut: cmd-shift-. (cmd-shift-dot).
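
Added example, not written by any poster in this thread: a shell check that lists private keys whose decrypt/sign ACL entry is still open to every application, which is the state the "Allow all applications" setting leaves behind. The helper names and the sample dump are constructed; the layout is assumed to match what `security dump-keychain -a` prints on macOS, with `0x00000010` as the private-key record class.

```shell
#!/bin/sh
# Added example (not from the thread): list private keys whose decrypt/sign
# ACL entry is open to every application, i.e. the "Allow all applications"
# state. Assumes the text layout of `security dump-keychain -a` on macOS.

audit_key_acls() {   # hypothetical helper; reads the dump text on stdin
  awk '
    /^keychain: /        { kc = $0; sub(/^keychain: /, "", kc); gsub(/"/, "", kc); priv = 0 }
    /^class: /           { priv = ($2 == "0x00000010") }   # private-key record
    /^ +entry [0-9]+:/   { sens = 0; desc = "" }           # start of an ACL entry
    /^ +authorizations / { sens = ($0 ~ / (decrypt|sign)( |$)/) }
    /^ +description: /   { desc = $0; sub(/^ +description: /, "", desc) }
    priv && sens && /^ +applications: <null>/ { print kc ": " desc }
  '
}

sample_dump() {      # constructed input: one open key, one limited to racoon
cat <<'EOF'
keychain: "/Library/Keychains/System.keychain"
class: 0x00000010
access: 2 entries
    entry 0:
        authorizations (1): encrypt
        don't-require-password
        description: vpn-key-open
        applications: <null>
    entry 1:
        authorizations (6): decrypt derive export_clear export_wrapped mac sign
        don't-require-password
        description: vpn-key-open
        applications: <null>
keychain: "/Library/Keychains/System.keychain"
class: 0x00000010
access: 1 entries
    entry 0:
        authorizations (6): decrypt derive export_clear export_wrapped mac sign
        don't-require-password
        description: vpn-key-racoon
        applications (1):
            0: /usr/sbin/racoon (OK)
EOF
}

# On the Mac itself:
#   security dump-keychain -a /Library/Keychains/System.keychain | audit_key_acls
sample_dump | audit_key_acls
```

Only `vpn-key-open` is reported: an open `encrypt` entry is ignored, and the key whose decrypt/sign entry names /usr/sbin/racoon passes.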

My problem with it. I can access VPN okay. However, when I then tried to access my organisation's web pages, they will not load. Other web pages are OK. The problem is the same no matter whether I am on the internal network or coming in from outside the network. When I turn VPN off it is OK. I use the built-in VPN in Mountain Lion. The previous OS was fine.
